VYPR
Unrated severityNVD Advisory· Published Jul 6, 2015· Updated Jun 17, 2026

CVE-2015-2741

CVE-2015-2741

Description

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

22

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.